LISTING OF CLAIMS

This listing of claims will replace all prior versions, and listings, of claims in the 
application: 

1-35. (Canceled) 

36. (New) A method for filtering transport layer connections with application layer 
information, comprising the steps of: 

receiving a connection request having an application layer component and a 
transport layer component; 

providing a connection database to store information about connection requests 
and associated application layer outcomes, the information about connection requests 
comprising: 

a maximum number of connections allowed in a cycle; and 

a maximum number of connection requests per requestor during a cycle; 

providing a throttle filter using data from the connection database, the throttle 
filter to filter the connection request at the transport layer component; 

applying the throttle filter to the received connection request; 

if the throttle filter blocks the transport layer component of the connection 
request, dropping the connection request silently, wherein dropping the connection 
silently creates a soft error in a client from an unacknowledged connection request; and 

if the throttle filter allows the transport layer component of the connection 
request, proceeding with the application layer component. 

37. (New) The method of claim 36 further comprising the steps of: 

adding data from an application layer outcome of the connection request to the 
connection database; and 

updating the throttle filter with information from the connection database. 

38. (New) The method of claim 37 wherein the step of adding data comprises the steps 
of:

recording a connection requestor identifier to the connection database; and

providing a connection requestor rank to the connection requestor identifier 
based on an outcome of the application layer connection component.

39. (New) The method of claim 37 wherein the step of updating the throttle filter with 
information from the connection database comprises periodically replacing throttle filter 
data with a preselected number of connection requestor identifiers ranked least 
desirable in the connection database. 

40. (New) The method of claim 36 wherein the throttle filter is a list of connection 
request characteristics and the step of applying the throttle filter further comprises 
comparing data from the connection request to the list of connection request 
characteristics. 

41. (New) The method of claim 40 wherein the list of connection request characteristics 
as indicated by data from the connection database further comprises at least one of: 

a list of connection requestor IP addresses to be blocked; 

a list of connection requestor port numbers to be blocked; and 

a list of connection requestor virtual routing forwarding table IDs to be blocked. 

42. (New) The method of claim 36 wherein the step of applying the throttle filter further 
comprises the steps of: 

determining whether a limit of connections created in a connection cycle period 
has been exceeded; 

if the limit of connections created has been exceeded, dropping the connection 
request; 

if the limit of connections created has not been exceeded, determining whether a 
rate of incoming connections has been exceeded; 

if the rate of incoming connections has been exceeded, then dropping the 
connection request; and 

if the rate of incoming connections has not been exceeded, then comparing 
requestor identification information in the connection request to data in the throttle filter. 

43. (New) The method of claim 36 wherein the connection request is an HTTP request, 
the application layer component is an HTTP connection component and the transport 
layer component is TCP connection component. 

44. (New) The method of claim 36 wherein the connection request is an HTTPS 
request, the application layer component is an HTTPS connection component and the 
transport layer component is TCP connection component. 

45. (New) A system to filter server connections in an embedded system, comprising: 

a network interface to receive a connection request from a requestor, the 
connection request having an application layer connection component and a transport 
layer connection component; 

a filter device to filter connections using the transport layer connection 
component, the filter device including a connection database and a throttle filter, the 
connection database to store information about connection requests and application 
layer connection component outcomes, the throttle filter having data from the 
connection database to filter connection requests using the transport layer connection 
component, the stored information about connection requests comprises: 

a maximum number of connections allowed in a cycle; and 

a maximum number of connection requests per requestor during a cycle; 

and 

a controller coupled to the filter device and the network interface, the controller to 
apply the throttle filter to the transport layer connection component of the connection 
request, to drop the connection request silently if the throttle filter blocks the transport 
layer component, to proceed with an application layer connection if the throttle filter 
allows the transport layer component, to add data about the application layer connection 
to the connection database, and to update the throttle filter with information about the 
connection database, wherein dropping the connection silently creates a soft error in the 
requestor from an unacknowledged connection request. 

46. (New) The system of claim 45 wherein the server connection is an HTTP server 
connection, the application layer connection component is an HTTP connection 
component, and the transport layer connection component is a TCP connection 
component. 

47. (New) The system of claim 45 wherein the server connection is an HTTPS server 
connection, the application layer connection component is an HTTPS connection 
component, and the transport layer connection component is a TCP connection 
component. 

48. (New) The system of claim 45 wherein the filter device further comprises a rate 
limiter to switch the filter device between global and selective modes, the rate limiter to 
switch the filter device to global mode if a rate limit threshold is exceeded and to switch 
the filter device to selective mode if the rate limit threshold is not exceeded; and 

the controller configured to drop the connection request silently without applying 
the throttle filter if the filter device is in global mode and to apply the throttle filter if the 
filter device is in selective mode. 

49. (New) The system of claim 48 wherein the rate limit threshold further comprises a 
limit of connections created in a connection cycle period. 

50. (New) The system of claim 48 wherein the rate limit threshold further comprises a 
rate of incoming connections. 

51. (New) The system of claim 45 wherein the connection database is a table in which 
each entry has an IP address of a connection requestor and an associated rank based 
on an outcome of a connection attempted in response to a connection request from the 
connection requestor. 

52. (New) The system of claim 51 wherein each entry of the table further includes a 
port number of the connection requestor. 

53. (New) The system of claim 51 wherein each entry of the table further includes a 
virtual routing forwarding table ID of the connection requestor. 

54. (New) The system of claim 45 wherein each entry in the table includes an entry 
age, the filter device configured to delete entries having an entry age that exceeds an 
age threshold. 

55. (New) The system of claim 45 wherein the throttle filter as indicated by data from 
the database comprise at least one of: 

a list of IP addresses of connection requestors to be blocked; 

port numbers of connection requestors to be blocked; and 

a virtual routing forwarding table IDs of connection requestors to be blocked. 

56. (New) A method for filtering HTTP server connections in an embedded system, 
comprising the steps of: 

receiving a connection request having an HTTP connection component and a 
TCP connection component; 

providing a connection database to store information about connection requests 
and associated HTTP connection outcomes, the information about connection requests 
comprises: 

a maximum number of connections allowed in a cycle; and 

a maximum number of connection requests per requestor during a cycle; 

providing a throttle filter using data from the connection database, the throttle 
filter to filter the connection request at the TCP connection component; 

determining whether a limit of connections created in a connection cycle period 
has been exceeded; 

if the limit of connections created has been exceeded, dropping the connection 
request silently; 

if the limit of connections created has not been exceeded, determining whether a 
rate of incoming connections has been exceeded; 

if the rate of incoming connections has been exceeded, then dropping the 
connection request silently; 

if the rate of incoming connections has not been exceeded, then comparing 
requestor identification information in the TCP connection component of the connection 
request to data in the throttle filter; 

if the throttle filter blocks the TCP connection component, dropping the 
connection request silently; 

if the throttle filter allows the TCP connection component, proceeding with the 
HTTP connection component; 

adding data from the HTTP connection component to the connection database; 

and 

updating the throttle filter with information from the connection database, 
wherein dropping the connection silently creates a soft error in a requestor from an 
unacknowledged connection request. 

57. (New) A method for filtering HTTPS server connections in an embedded system, 
comprising the steps of: 

receiving a connection request having an HTTPS connection component and a 
TCP connection component; 

providing a connection database to store information about connection requests 
and associated HTTPS connection outcomes, the information about connection 
requests comprises: 

a maximum number of connections allowed in a cycle; and 

a maximum number of connection requests per requestor during a cycle; 

providing a throttle filter using data from the connection database, the throttle 
filter to filter the connection request at the TCP connection component; 

determining whether a limit of connections created in a connection cycle period 
has been exceeded; 

if the limit of connections created has been exceeded, dropping the connection 
request silently; 

if the limit of connections created has not been exceeded, determining whether a 
rate of incoming connections has been exceeded; 

if the rate of incoming connections has been exceeded, then dropping the 
connection request silently; 

if the rate of incoming connections has not been exceeded, then comparing 
requestor identification information in the TCP connection component of the connection 
request to data in the throttle filter; 

if the throttle filter blocks the TCP connection component, dropping the 
connection request silently; 

if the throttle filter allows the TCP connection component, proceeding with the 
HTTPS connection component; 

adding data from the HTTPS connection component to the connection database; 

and 

updating the throttle filter with information from the connection database, wherein 
dropping the connection silently creates a soft error in a requestor from an 
unacknowledged connection request. 

58. (New) A computer program product having a computer-readable medium including 
computer program logic encoded thereon that, when performed on a computer system 
directs the computer system to perform the method of: 

receiving a connection request having an application layer component and a 
transport layer component; 

providing a connection database to store information about connection requests 
and associated application layer outcomes, the information about connection requests 
comprises: 

a maximum number of connections allowed in a cycle; and 

a maximum number of connection requests per requestor during a cycle; 

providing a throttle filter using data from the connection database, the throttle 
filter to filter the connection request at the transport layer component; 

applying the throttle filter to the received connection request; 

if the throttle filter blocks the transport layer component of the connection 
request, dropping the connection request silently, wherein dropping the connection 
silently creates a soft error in a requestor from an unacknowledged connection request; 
and 

if the throttle filter allows the transport layer component of the connection 
request, proceeding with the application layer component. 

59. (New) The method of claim 36 wherein the throttle filter is a list of client identifiers 
for clients to be blocked based on the application layer outcome of past connection 
requests and applying the throttle filter further comprises comparing data from the 
connection request to the list of client identifiers. 

60. (New) The system of claim 45 wherein the throttle filter is a list of client identifiers 
for clients to be blocked based on the application layer outcome of past connection 
requests and wherein the controller applies the throttle filter by comparing data from the 
connection request to the list of client identifiers. 

61. (New) The method of claim 36 wherein providing a connection database comprises: 

providing a connection database to store information about connection requests 
and associated application layer outcomes, the information about connection requests 
comprising: 

a maximum number of connections allowed in a cycle; and 

a maximum number of connection requests per requestor during a cycle; 

wherein a cycle is a predetermined period of time, determined based upon capabilities 
and configuration of a system to which the connection database belongs. 
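
Added example, not part of the claims listing or of any implementation by the applicant: a small model of the decision order in claims 42 and 56 with the feedback loop of claims 37 to 39. The class and function names, the +1/-1 ranking, the use of the per-requestor request count as the rate check, and the restriction of the block list to negatively ranked requestors are all assumptions; the addresses are constructed documentation addresses.

```python
from collections import defaultdict

class ThrottleFilter:
    """Transport-layer admission check fed by application-layer outcomes."""

    def __init__(self, max_conns, max_per_requestor, blocklist_size):
        self.max_conns = max_conns                  # connections allowed in a cycle
        self.max_per_requestor = max_per_requestor  # requests per requestor in a cycle
        self.blocklist_size = blocklist_size        # "preselected number" of claim 39
        self.rank = defaultdict(int)                # connection database: requestor -> rank
        self.new_cycle()

    def new_cycle(self):
        """Reset per-cycle counters and rebuild the filter from the worst-ranked requestors."""
        self.conns_created = 0
        self.requests = defaultdict(int)
        bad = sorted((ip for ip, r in self.rank.items() if r < 0), key=self.rank.get)
        self.blocked = set(bad[:self.blocklist_size])

    def admit(self, src_ip):
        """True: hand over to the application layer. False: caller sends no reply at all."""
        self.requests[src_ip] += 1
        if self.conns_created >= self.max_conns:              # cycle limit reached
            return False
        if self.requests[src_ip] > self.max_per_requestor:    # requestor too fast (assumed rate check)
            return False
        if src_ip in self.blocked:                            # throttle filter match
            return False
        self.conns_created += 1
        return True

    def record_outcome(self, src_ip, ok):
        """Feed the application-layer result back into the connection database."""
        self.rank[src_ip] += 1 if ok else -1

def run_demo():
    """Constructed traffic: one requestor failing at the application layer, two others."""
    tf, decisions = ThrottleFilter(max_conns=3, max_per_requestor=2, blocklist_size=1), []
    for ip, ok in [("198.51.100.7", False), ("198.51.100.7", False),
                   ("198.51.100.7", False), ("192.0.2.10", True), ("192.0.2.11", True)]:
        admitted = tf.admit(ip)
        decisions.append(admitted)
        if admitted:
            tf.record_outcome(ip, ok)
    tf.new_cycle()                                  # filter is rebuilt from the database
    decisions += [tf.admit("198.51.100.7"), tf.admit("192.0.2.10")]
    return decisions, tf.blocked

if __name__ == "__main__":
    print(run_demo())
```

In the second cycle the requestor with failed application-layer outcomes is rejected by the filter match alone, before any per-cycle limit is reached, while the well-ranked requestor is admitted.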



